...and you like it

Today my wife and I celebrate our fifth anniversary of being legally
married. If you’ve read my blog long enough, you might have seen this
post
which suggests we were married June 14, not September 12.

It’s all pretty simple, you see. We had our wedding ceremony on June 14,
2003, but were secretly legally married on September 12, 2002.

OK, perhaps the term secret marriage is a bit too strong. But it
sounds cool, doesn’t it? The story is that at the time, my wife wanted
to take a long trip back to Japan before our planned wedding.
Unfortunately, with the tightening up of immigration following September
11, we were concerned she’d have trouble coming back. So we got legally
married at the Beverly Hills Courthouse to make sure she could return.

Recently we decided to follow the DRY principle (Don’t Repeat Yourself)
and only really celebrate our legal anniversary, as it keeps it simple
for me.

Hard enough for a guy to remember one anniversary much less two!

So to Akumi (yes, she actually reads my blog), Happy Anniversary. I love
you very much! And I was going to post that other silly pic of you we
found, but I want to live to see the next five years of our life
together.

Last night I nearly lost a dear friend of mine. Now this is the sort of
story most men, myself included, would understandably want to keep to
themselves. Although this deviates from my normal content, I feel a duty
to tell all in this age of transparency because while I was in the
middle of the ordeal, I turned to Google for help and didn’t find the
information I needed. I write this in the hopes it helps some
unfortunate guy in the future.

The story begins late last night around 1:15 AM as I turned in to bed for
the night. Tossing and turning, I started to feel a pain in my lower
abdomen and right testicle. I could feel that my right testicle was
swollen and a bit harder than one would expect. It felt like an
impossibly bad case of blue balls. The worst case imaginable.

Since I hate dealing with hospitals and such, I tried to sleep it off
telling myself it would be fine in the morning, as if somehow the
Nut-helper Fairy would come in the middle of the night and make it all
better.

Suffice it to say, when your genital region is in pain, it’s pretty damn
difficult to get a good night’s sleep. You shouldn’t screw around
(forgive the pun) when you have a pain in that region. So I got up,
Googled it, found nothing but scary stories about testicular cancer and
painful hernias, and decided then I should go see a doctor. I told my
wife I had to go and I proceeded to walk over to the neighborhood
Emergency Room at 2:30 AM.

During triage I explained that the pain was around a 7 on a scale of 1
to 10, it was a dull intense pain, not sharp, and it was constant, not
coming in waves, centered around my testicle and my lower abdomen area.

After I was moved to a gurney, the doctor began black box testing on
me. It’s not unlike debugging code when you have no way to step through
it in a debugger. He’d prod around, narrowing down
the possible diagnoses. However, unlike debugging code, this process was
excruciatingly painful.

After manhandling my right nut for a while, the doctor diagnosed me
with Testicular
Torsion.
Wikipedia defines it thusly…

In testicular torsion the spermatic cord that provides the blood
supply to a testicle is twisted, cutting off the blood supply, often
causing orchalgia. Prolonged testicular torsion will result in the
death of the testicle and surrounding tissues.

I define it as ow! ow! that fucking hurts!

So the doctor leaves to order an ultrasound and returns not long after
to “try one more thing.” He then proceeds to grab the nut and twist it
around, asking me to let him know when the pain subsides.

Riiiiight.

A man with a latex glove is twisting my nut and asking me when it
doesn’t hurt? It doesn’t hurt when you’re not twisting it!

Exactly how I wanted to spend my Monday morning.

Amazingly enough though, the pain subsided quickly after he stopped. I
didn’t realize at the time that he was twisting it back. I thought he
was just being sadistic.

The male nurse on duty quipped afterwards…

Probably the first time that someone twisting your testicle made you
feel better, eh?

No, twisting my testicle normally elicits feelings of euphoria and joy.
Of course it’s the first time! And by Zeus’s eye I hope it’s the last.

Afterwards I was pushed on a gurney into the ultrasound room by a big
burly Russian dude who proceeded to ultrasound my testicular nether
regions. By then, there’s really no point in having any shame or
bashfulness. I just tried to make small talk as he showed me the screen
displaying blood flowing nicely.

As I was being discharged, the doctor told me it was a good thing I went
in. Left untreated for around six hours, I could have lost the testicle.
I later looked it up and this is what Wikipedia has to say on the
subject (emphasis mine).

Testicular torsion is a medical emergency that needs immediate
treatment. If treated within 6 hours, there is nearly a 100% chance
of saving the testicle. Within 12 hours this rate decreases to 70%,
within 24 hours is 20%, and after 24 hours the rate approaches 0.
(eMedicineHealth) Once the testicle is dead it must be removed to
prevent gangrenous infection.

Yeah, I’m going to be having nightmares too. In any case, it seems that
all is well. I still have a slight bit of discomfort not unlike the
feeling in your gut long after someone kicks you in the groin and I’ve
been walking around a bit gingerly, worried any sudden movement might
cause a relapse.

The moral of this story is when you have an intense pain in the balls,
don’t be a tough guy about it. Go to the emergency room and be safe
about it. No use trying to be stoic and losing a nut over it.

My next step now is to make an appointment with a Urologist so I can
have yet another doctor see me in all my glory and make sure it’s all
good.

To the doctor at the local neighborhood Emergency Room, I owe you a big
one. Because of him, the next time someone asks me, “Hey! How’s it
hanging?” I can answer, “Pointed in the right direction.”

Not too long ago I wrote a blog post on some of the benefits of Duck
Typing
for C# developers. In that post I wrote up a simplified code sample
demonstrating how you can cast the HttpContext to an interface you
create called IHttpContext, for lack of a better name.

Well, I couldn’t just sit still on that one, so I used Reflector and a
lot of patience to create a set of interfaces matching the Http
intrinsic classes. Here is a full list of the interfaces I created
along with the existing concrete class (all in the System.Web namespace
except where otherwise stated) that can be cast to each interface (the
ones in bold are the most commonly used).

* ICache - Cache
* IHttpApplication - HttpApplication
* IHttpApplicationState - HttpApplicationState
* IHttpCachePolicy - HttpCachePolicy
* IHttpClientCertificate - HttpClientCertificate
* IHttpContext - HttpContext
* IHttpFileCollection - HttpFileCollection
* IHttpModuleCollection - HttpModuleCollection
* IHttpRequest - HttpRequest
* IHttpResponse - HttpResponse
* IHttpServerUtility - HttpServerUtility
* IHttpSession - System.Web.SessionState.HttpSessionState
* ITraceContext - TraceContext

As an aside, you might wonder why I chose the name IHttpSession
instead of IHttpSessionState for the class HttpSessionState. It
turns out that there already is an IHttpSessionState interface, but
HttpSessionState doesn’t inherit from that interface. Go figure. Now
that’s a juicy tidbit you can whip out at your next conference cocktail
party.

Note that I focused on classes that don’t have public constructors and
are sealed. I didn’t want to follow the entire object graph!

I also wrote a simple WebContext class with some helper methods. For
example, to get the current HttpContext duck typed as IHttpContext,
you simply call…

IHttpContext context = WebContext.Current;

I also added a bunch of Cast methods specifically for casting http
intrinsic types. Here’s some demo code to show this in action. Assume
this code is running in the code behind of your standard ASPX page.

public void HelloWorld(IHttpResponse response)
{
    response.Write("<p>Who’s the baddest!</p>");
}

protected void Page_Load(object sender, EventArgs e)
{
    // Grab it from the http context.
    HelloWorld(WebContext.Current.Response);

    // Or cast the actual Response object to IHttpResponse
    HelloWorld(WebContext.Cast(Response));
}

The goal of this library is to make it very easy to refactor existing
code to use these interfaces (should you so desire), which will make
your code less tied to the System.Web classes and more mockable.

Why would you want such a thing? Making classes mockable makes them
easier to test, that’s a worthy goal in its own right. Not only that,
this gives control over dependencies to you, as a developer, rather than
having your code tightly coupled to the System.Web classes. One
situation I’ve run into is wanting to write a command line tool to
administer Subtext on my machine. Being able to substitute my own
implementation of IHttpContext will make that easier.

UPDATE: The stack overflow problem mentioned below has since been fixed
within the Duck Typing library.

One other note as you look at the code. You might notice I’ve had to
create extra interfaces (commented with a //Hack). This works around a
bug I found with the Duck Casting library reproduced with this code…

Calling FooTester.StackOverflowTest will cause a stack overflow
exception. The fix is to do the following.

public interface IFoo2 : IFoo
{
}

public interface IFoo
{
    IFoo2 ChildFoo { get; }
}

In any case, I hope some of you find this useful. Let me know if you
find any bugs or mistakes. No warranties are implied. Download the
code
from here which includes the HttpInterfaces class library with all the
interfaces, a Web Project with a couple of tests, and a unit test
library with more unit tests.

Ayende recently wrote about
Microsoft’s “annoying” tendency to duplicate the
efforts of
perfectly capable Open Source Software already in existence. In the
post, he references this post by Scott
Bellware which
lists several cases in which Microsoft duplicated the efforts of OSS
software.

In his post, Ayende dismisses this argument as “lawyer-paranoia”. While
I agree to some extent that it is paranoia, not all paranoia is bad. I
think this point deserves a more thoughtful response than simply
dismissing it as FUD.

Microsoft really is a huge fat target with a gigantic bullseye on its
forehead in the form of lots and lots of money. At that size, the rules
of engagement change compared to smaller companies.

Nobody is going after small fries who release open source code such as
Ayende or myself. But as soon as a big fry like Microsoft starts bundling
open source code, watch out for the armies of patent trolls, lawyers in
tow, coming out of the woodwork.

As an aside, some commenters mention the “commercial friendliness” of
the licenses of the projects they would like bundled such as
the BSD
and
MIT licenses.
However, as far as I know, none of these licenses have any patent
protection in the same way that the
GPL does. Perhaps
Microsoft should require bundled OSS software to be licensed with the
GPL. I kid! I kid! We’d probably see Steve Ballmer grooving to an iPod
in a pink leotard before that happens.

Back to the point at hand. Having said all that, while I think this is a
difficult challenge, I don’t think it is an insurmountable
challenge. Microsoft can afford an army of lawyers and hopefully some of
them are extremely bright and can come up with creative solutions that
might allow Microsoft to leverage and even bundle Open Source software
in a safe manner. After all, they already face the same risk by allowing
any employee to write and ship code. Employees are not immune to
lapses of judgement.

We already see progress happening in regards to Microsoft and Open
Source. The
IronRuby
project will accept source code
contributions,
but most likely with some strict limitations and with required paperwork
like the Free Software Foundation does. Progress can be made on this
front, but it won’t happen overnight.

How Should They Choose?

For the sake of argument, suppose that Microsoft deals with all the
legal issues and does decide to start bundling OSS software. How should
they choose which software to bundle?

For mock object frameworks, Scott Bellware mentions Rhino
Mocks, a
mock framework I’ve written about a few
times and
would agree with this choice. But what
about NMock, which as far as I know has been
around longer? I think Scott and Ayende would both agree that popularity
or seniority should not trump technical quality in choosing which
project to bundle. I personally would choose Rhino Mocks over NMock any
day of the week.

Bellware’s post also lists
NUnit. While NUnit has been
around longer than
MbUnit, in my
opinion it is pretty clear that MbUnit is technically a much
better testing framework. Naturally, I’m sure there are many fans of
NUnit who would disagree vehemently. Therein lies the conflict. No
matter which framework Microsoft chooses, there will be many who are
unhappy with the choice.

If Microsoft had chosen to not write its own test framework, I fear they
would have chosen NUnit over MbUnit simply because it’s more well known
or for political reasons. Such a choice would have the potential to hurt
a project like MbUnit in the never ending competition for users and
contributors.

The fact that MS Test sucks so much is, in a way, a boon to NUnit
and MbUnit. Please understand I’m not saying that “Because choosing a
project is hard, it shouldn’t or can’t be done”. I’m merely suggesting
that if we’re clamoring for Microsoft to start bundling instead of
duplicating, we ought to offer ideas on how that should happen and be
prepared for the ramifications of such choices.

So what do I think they should do?

Let’s look at one situation in particular that appears to be an annoying
duplication of efforts. A while back, Microsoft identified a business
opportunity to create an integrated development suite which included
code coverage, bug tracking, unit testing, etc… They came out with
Team System, which included a unit testing framework that wasn’t even
on par with NUnit or MbUnit.

This is a situation in which many have argued that Microsoft should have
bundled NUnit with Team System rather than writing their own.

While we can continue to argue the merits of whether Microsoft should or
shouldn’t bundle Open Source software, the official stance currently
appears to be that it is too much of a liability to do so. So rather
than keep arguing that point, let’s take a step back and for the sake of
argument, accept it as a given.

So given that Microsoft couldn’t bundle NUnit, what should they have
done?

They should have given developers a choice.

What I would have liked to have seen is for Team System to provide
extensibility points which make it extremely easy to swap out MS Test
for another testing framework. MS Test isn’t the money maker for
Microsoft, it’s the whole integrated suite that brings in the moolah, so
being able to replace it doesn’t hurt the bottom line.

Given the inability to bundle NUnit, I can understand why Microsoft
would write their own test framework. They wanted a complete
integrated suite. It wouldn’t work to ship something without a test
framework so they provided a barely adequate one. Fine. But why not
allow me to switch that out with MbUnit and still have the full
non-degraded integrated experience?

Microsoft could have then worked with the OSS communities to provide
information and maybe even some assistance with integrating with Team
System.

This is not unprecedented by any means. It’s very similar to how
Microsoft cooperates with control vendors who build WinForms and ASP.NET
widgets and controls.

Microsoft doesn’t provide a GridView, tells us developers that’s all
we’ll ever need for displaying data, and then closes the door on other
control vendors who might want to provide developers with an alternative
grid control. Hell no.

Instead, they make it easy for control vendors to provide their own
controls and have a first-class integrated experience (with design time
support etc…) within the Visual Studio IDE because they recognize they
don’t have the bandwidth to build everything top shelf. This sort of
forward thinking should apply anytime they plan to ship a crappy stopgap
implementation.

In my last
post,
I wrote about how most email validation routines are too strict when
compared against what is allowed by the RFC. Initially I dismissed this
phenomenon as the result of ignorance of the RFC or inability to
understand it, as I had trouble understanding it myself.

However, I think there’s something more fundamental at work here when it
comes to validating user data. It seems that many developers, myself
included, choose to ignore Postel’s
Law when
it comes to field validation. Postel’s law states…

Be conservative in what you do; be liberal in what you accept from
others.

Postel wrote that in an RFC that defined TCP, but it applies much more
broadly. It’s natural that developers, used to the exacting nature of
writing code for a compiler, where even the most minor of typos can
bring a program screeching to a halt, have a tendency to apply the same
exactitude to their users.

Few things confuse users as often as requiring that they provide
information in a specific format. Format requirements for information
like telephone number fields are particularly common. There are many
ways these numbers can be represented:

* (800) 555-1212
* 800-555-1212
* 800.555.1212
* 800 555 1212

Ultimately, the format we likely need is the one that only contains
numbers:

* 8005551212

There are three ways to handle this. The first method tells the user
that a specific format of input is required and returns them to the
form with an error message if they fail to heed this instruction.

The second method is to split the telephone number input into three
fields. This method presents the user with two possible
usability hurdles to overcome. First, the user might try to type the
numbers in all at once and get stuck because they’ve just typed their
entire telephone number into a box which only accepts three digits.
The “ingenious” solution to this problem was to use JavaScript to
automatically shift the focus to the next field when the digit limit
is achieved. Has anyone else here made a typo in one of these types of
forms and gone through the ridiculous process of trying to return
focus to what JavaScript sees as a completed field? Raise your hands;
don’t be shy! Yes, I see all of you.

The third method is the liberal one. Are we so afraid of regular
expressions that we can’t strip extraneous characters from a single
input field? Let users type their telephone numbers however they
please. We can use a little quick programming to filter out what we
don’t need.
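That “little quick programming” really is little; here’s a Python sketch of the idea (the `normalize_phone` helper name is my own invention):

```python
import re

def normalize_phone(raw: str) -> str:
    """Strip everything except digits from a user-entered phone number."""
    return re.sub(r"\D", "", raw)

# All four formats users actually type collapse to the same ten digits.
for entry in ["(800) 555-1212", "800-555-1212", "800.555.1212", "800 555 1212"]:
    assert normalize_phone(entry) == "8005551212"
```

One regular expression replaces an error message, a three-field form, and the focus-stealing JavaScript all at once.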

This recommendation fits with Postel’s law by being liberal in what we
accept from the user. The computer is really, really good at text
processing and cleaning up such data, so why not leverage that fast
computation rather than throwing a minor annoyance at your users? No
matter how small, every little mental annoyance begins to add up. As
Jakob Nielsen writes (emphasis his)…

Annoyances matter, because they compound. If the offending
state-field drop-down were a site’s only usability violation, I’d
happily award the site a gold star for great design. But sites
invariably have a multitude of other annoyances, each of which delays
users, causes small errors, or results in other unpleasant
experiences.

A site that has many user-experience annoyances:

* appears sloppy and unprofessional,

* demands more user time to complete tasks than competing sites
that are less annoying, and

* feels somewhat jarring and unpleasant to use, because each
annoyance disrupts the user’s flow.

Even if no single annoyance stops users in their tracks or makes them
leave the site, the combined negative impact of the annoyances will
make users feel less satisfied. Next time they have business to
conduct, users are more likely to go to other sites that make them
feel better.

However, in the case of the email validation, the problem is much
worse. It violates the golden rule of field validation (I’m not sure
if there is a golden rule already, but there is now)…

Never ever reject user input when it truly is valid.

In the comments of my last post, several users lamented the fact that
they can’t use a clever GMail hack for their email address because most
sites (mine included at the time, though I’ve since fixed it) reject the
email.

With Gmail you can append a tag to your email address. So let’s say
you have “name@gmail.com”; you can give someone an email address of
“name+sometag@gmail.com” and it will faithfully arrive in your inbox.
The use of this for me is that I can track who’s selling my email
address, or at least who I gave my email to that is now abusing it.
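Recovering the tag on the receiving side is a couple of string splits; here’s a Python sketch (the `split_gmail_tag` helper is hypothetical, not part of any Gmail API):

```python
def split_gmail_tag(address: str):
    """Split a plus-addressed email into (base address, tag or None)."""
    local, _, domain = address.partition("@")
    base, _, tag = local.partition("+")
    return base + "@" + domain, tag or None

assert split_gmail_tag("name+sometag@gmail.com") == ("name@gmail.com", "sometag")
assert split_gmail_tag("name@gmail.com") == ("name@gmail.com", None)
```

This is exactly why a site that rejects the `+` character defeats the feature: the tag is meaningful data, not an invalid address.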

For fun, I wrote a crazy regular expression to attempt to validate an
email address correctly according to the RFC, but in the end, this was a
case of Regex abuse, not Regex
use. But
as one commenter pointed out…

THE ONLY WAY TO VALIDATE AN EMAIL ADDRESS IS TO DELIVER A MESSAGE TO
IT!

This served to drive home the point that attempting to strictly validate
an email address on the client is pointless. The type of validation you
do should really depend on the importance of that email address.

For example, when leaving a comment on my blog, entering an email
address is optional. It’s never displayed, but it allows me to contact
you directly if I have a personal response and it also causes your
Gravatar to be displayed if you have one. For something like this, I
stick with a really really simple email address validation purely for
the purpose of avoiding typos…

^.+?@.+$
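In Python terms, that permissive check amounts to nothing more than this (Python used here just for illustration):

```python
import re

# Deliberately liberal: "something, an @ sign, something".
SIMPLE_EMAIL = re.compile(r"^.+?@.+$")

assert SIMPLE_EMAIL.match("phil@example.com")
assert SIMPLE_EMAIL.match("name+sometag@gmail.com")  # plus-addressed tags pass
assert not SIMPLE_EMAIL.match("not-an-email")        # catches obvious typos
```

It rejects only input that can’t possibly be an address, which is all a low-stakes optional field needs.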

However, for a site that requires registration (such as a banking site),
having the correct email address to reach the user is critical. In that
case it might make sense to have the user enter the email twice (to help
avoid typos, though most users simply copy and paste so the efficacy of
this is questionable) and then follow up with a verification email.

In the end, developers need to loosen up and let users be somewhat
liberal about what they enter in a form. It takes more code to clean
that up, but that code only needs to be written once, as compared to the
many many users who have to suffer through stringent form requirements.

Raise your hand if you know how to validate an email address. For those of you with your hand in the air, put it down quickly before someone sees you. It’s an odd sight to see someone sitting alone at the keyboard raising his or her hand. I was speaking metaphorically.

Before yesterday I would have raised my hand (metaphorically) as well. I needed to validate an email address on the server. Something I’ve done a hundred thousand times (seriously, I counted) using a handy dandy regular expression in my personal library.

This time, for some reason, I decided to take a look at my underlying assumptions. I had never actually read (or even skimmed) the RFC for an email address. I simply based my implementation on my preconceived assumptions about what makes a valid email address. You know what they say about assuming.

What I found out was surprising. Nearly 100% of regular expressions on the web purporting to validate an email address are too strict.

It turns out that the local part of an email address, the part before the @ sign, allows a lot more characters than you’d expect. According to section 2.3.10 of RFC 2821 which defines SMTP, the part before the @ sign is called the local part (the part after being the host domain) and it is only intended to be interpreted by the receiving host…

Consequently, and due to a long history of problems when intermediate
hosts have attempted to optimize transport by modifying them, the
local-part MUST be interpreted and assigned semantics only by the host
specified in the domain part of the address.

Section 3.4.1 of RFC 2822 goes into more detail about the specification of an email address (emphasis mine).

An addr-spec is a specific Internet identifier that contains a locally
interpreted string followed by the at-sign character (“@”, ASCII value
64) followed by an Internet domain. The locally interpreted string is
either a quoted-string or a dot-atom.

A dot-atom is a dot delimited series of atoms. An atom is defined in section 3.2.4 as a series of alphanumeric characters and may include the following
characters (all the ones you need to swear in a comic strip)…

! $ & * - = ^ ` | ~ # % ' + / ? _ { }

Not only that, but it’s also valid (though not recommended and very uncommon) to have quoted local parts which allow pretty much any
character. Quoting can be done via the backslash character (what is commonly known as escaping) or via surrounding the local part in double quotes.
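As a rough Python sketch of just the dot-atom rule (ignoring quoted local parts entirely, and making no claim about the domain side):

```python
import re

# atext per RFC 2822 section 3.2.4: alphanumerics plus these symbols.
ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
# A dot-atom is atoms separated by single dots: no leading, trailing,
# or consecutive dots.
DOT_ATOM = re.compile(r"^" + ATOM + r"(?:\." + ATOM + r")*$")

assert DOT_ATOM.match("phil.haack")
assert DOT_ATOM.match("customer/department=shipping")  # yes, this is legal
assert not DOT_ATOM.match("phil..haack")  # consecutive dots are not allowed
assert not DOT_ATOM.match(".haack")       # nor is a leading dot
```

Even this sketch accepts far more than the typical “letters, digits, dots” validator, which is exactly the point.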

RFC 3696, Application Techniques for Checking and Transformation of Names, was written by the author of the SMTP protocol (RFC 2821) as a human readable guide to SMTP. In section 3, he gives some examples of valid email addresses.

Quick, run these through your favorite email validation method. Do they all pass?

For fun, I decided to try and write a regular expression (yes, I know I now have two problems. Thanks.) that would validate all of these. Here’s what I came up with. (The part in bold is the local part. I am not worrying about checking my assumptions for the domain part for now.)

Before you call me a completely anal nitpicky numnut (you might be right, but wait anyways), I don’t think this level of detail in email validation is absolutely necessary. Most email providers have stricter rules than are required for email addresses. For example, Yahoo requires that an email start with a letter. There seems to be a standard stricter set of rules most email providers follow, but as far as I can tell it is undocumented.

I think I’ll sign up for an email address like phil.h\@\@ck@haacked.com and start bitching at sites that require emails but don’t let me create an account with this new email address. Ooooooh I’m such a troublemaker.

The lesson here is that it is healthy to challenge your preconceptions and assumptions once in a while and to never let me near an RFC.

UPDATES: Corrected some mistakes I made in reading the RFC. See! Even after reading the RFC I still don’t know what the hell I’m doing! Just goes to show that programmers can’t read. I updated the post to point to RFC 822 as well. The original RFC.

For most dynamic languages, the old adage “if it walks like a duck and
quacks like a duck, it must be a duck” is slightly inaccurate in
describing duck typing. To understand why, let’s take a quick look at
what duck typing is about.

Duck Typing Explained

Duck typing allows an object to be passed in to a method that expects a
certain type even if it doesn’t inherit from that type. All it has to do
is support the methods and properties of the expected type in use by
the method.

I emphasize that last phrase for a reason. Suppose we have a method that
takes in a duck instance, and another method that takes in a rabbit
instance. In a dynamically typed language that supports duck typing, I
can pass in my object to the first method as long as my object supports
the methods and properties of duck in use by that method. Likewise, I
can pass my object into the second method as long as it supports the
methods and properties of rabbit called by the second method. Is my
object a duck or is it a rabbit? Like the above image, it’s neither and
it’s both.

In many (if not most) dynamic languages, my object does not have to
support all methods and properties of duck to be passed into a
method that expects a duck. Same goes for a method that expects
a rabbit. It only needs to support the methods and properties of the
expected type that are actually called by the method.
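A quick sketch in a dynamic language makes this concrete. Here it is in Python (the `Dubbit` class and both methods are invented for illustration):

```python
class Dubbit:
    """Inherits from neither Duck nor Rabbit, yet works as both."""
    def quack(self):
        return "Quack!"
    def hop(self):
        return "Boing!"

def make_it_quack(duck):
    # Only quack() is called, so anything with a quack() method qualifies.
    return duck.quack()

def make_it_hop(rabbit):
    # Likewise, only hop() is required here.
    return rabbit.hop()

thing = Dubbit()
assert make_it_quack(thing) == "Quack!"
assert make_it_hop(thing) == "Boing!"
```

`Dubbit` declares no type relationship to anything; each method only cares that the members it actually calls exist.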

The Static Typed Backlash

Naturally, static typing proponents have formed a backlash against
dynamic typing, claiming that all hell will break loose when you give up
static typing. A common reaction (and I paraphrase) to David’s duck
typing project goes something like

Give me static types or give me death!

Now I love compiler checking as much as the next guy, but I don’t
understand this attitude of completely dismissing a style of programming
that so many are fawning over.

Well, actually I do understand…kinda. So many programmers were burned
in their days of programming C (among other languages), whose lack of
type safety caused many stupid runtime errors, that it’s been drilled
into their heads that static types are good, just, and the American way.

And for the most part, it’s true, but making this an absolute starts to
smell like the monkey cage
experiment in
that we ignore changes in software languages and tooling that might
challenge the original reasons we use static types because we’ve done
it this way for so long.

What I’m trying to get to is that in my experience there’s a balance
between the value of strong static typing and the resulting impact
that it makes on your productivity. The argument that “strong static
is obviously better” is generally made by folks who haven’t had the
experience of being dramatically more productive in an alternative
language. When you have this experience, you see that the overhead
of strong static typing isn’t always beneficial, because sometimes
it slows you down enough that it ends up having a big impact on
productivity.

The key point here is that static typing doesn’t come without a cost.
And that cost has to be weighed on a case by case basis against the
benefits of dynamic languages.

C# has used duck typing for a long time

Interestingly enough, certain features of C# already use duck typing.
For example, to allow an object to be enumerated via the C# foreach
operator, the object only needs to implement a set of methods as
Krzysztof
Cwalina
of Microsoft points out in this
post…

Provide a public method GetEnumerator that takes no parameters and
returns a type that has two members: a) a method MoveNext that takes
no parameters and return a Boolean, and b) a property Current with a
getter that returns an Object.

You don’t have to implement an interface to make your object enumerable
via the foreach operator.
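Python’s for loop rests on the same kind of structural contract: any object supplying `__iter__` and `__next__` is iterable, with no interface declaration required. A minimal sketch (`Countdown` is a made-up example):

```python
class Countdown:
    """No base class, no interface: just the methods `for` looks for."""
    def __init__(self, start):
        self.current = start

    def __iter__(self):
        return self

    def __next__(self):
        if self.current == 0:
            raise StopIteration
        self.current -= 1
        return self.current + 1

assert list(Countdown(3)) == [3, 2, 1]
```

Like C#’s foreach, the loop never asks “are you an iterator type?”; it simply calls the methods and succeeds if they’re there.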

A Very Useful Use Case For When You Might Use Duck Typing

If you’ve followed my blog at all, you know that I’ve gone through all
sorts of contortions to try and mock the HttpContext object via the
HttpSimulator
class.
The problem is that I can’t use a mock framework because HttpContext
is a sealed class and it doesn’t implement an interface that is useful
to me.

Not only that, but the properties of HttpContext I’m interested in
(such as Request and Response) are sealed classes (HttpRequest and
HttpResponse respectively). This makes it awfully challenging to mock
these objects for testing. More importantly, it makes it hard to switch
to a different type of context should I want to reuse a class in a
different context, such as the command line. Code that uses these classes
has a strong dependency on them, and I’d prefer looser coupling
to the System.Web assembly.

The common approach to breaking this dependency is to create your own
IContext interface and then create another class that implements that
interface and essentially forwards method calls to an internal private
instance of the actual HttpContext. This is effectively a combination
of the composition and adapter patterns.

The problem for me is this is a lot more code to maintain just to get
around the constraints caused by static typing. Is all this additional
code worth the headache?

With the .NET Duck Typing class, I can reduce the code by a bit. Here’s
some code that demonstrates. First I create interfaces with the
properties I’m interested in. To keep this sample short, I’m choosing
two interfaces, each with one property…

Now suppose my code had a method that expects an HttpContext to be
passed in, thus tightly coupling our code to HttpContext. We can break
that dependency by changing that method to take in an instance of the
interface we created, IHttpContext, instead.

What’s great about this is that the code that contains the MyMethod
method is no longer tightly coupled to the System.Web code and does
not need to reference that assembly. Also, I didn’t have to write a
class that implements the IHttpContext interface and wraps and
forwards calls to the private HttpContext instance, saving me a lot of
typing (no pun intended).

Should I decide at a later point to pass in a custom implementation of
IHttpContext rather than the one in System.Web, I now have that
option.
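Under the hood, a duck-typing cast is essentially a structural check plus a generated forwarder. Here's a toy version of just the check (Python, illustrative only; the real Duck Typing Project emits a typed dynamic proxy rather than returning the object itself):

```python
def duck_cast(obj, required_members):
    """Return obj if it exposes every required member, else raise TypeError."""
    missing = [name for name in required_members if not hasattr(obj, name)]
    if missing:
        raise TypeError("object lacks members: %s" % ", ".join(missing))
    return obj

class StubContext:
    """A custom 'context' that never touches System.Web."""
    raw_url = "/test"

# Structurally compatible, so the cast succeeds.
ctx = duck_cast(StubContext(), ["raw_url"])
print(ctx.raw_url)  # /test
```

If the object is missing a member the cast fails loudly at the cast site, rather than deep inside the method that needed it.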

Yet another benefit is that I can now test MyMethod using a mock
framework such as
RhinoMocks like
so…

You might wonder if I can go the opposite direction. Can I write my own
version of HttpContext and, using duck typing, cast it to HttpContext?
I tried that and it didn’t work. I believe that’s because HttpContext
is a sealed class and I think the Duck Typing Project generates a
dynamic proxy that inherits from the type you pass in. Since we can’t
inherit from a sealed class, we can’t simply cast a compatible type to
HttpContext. The above examples work because we’re duck type casting
to an interface.

With C#, if you need a class you’re writing to act like both a duck
and a rabbit, it makes sense to implement those interfaces. But
sometimes you need a class you didn’t write and cannot change (such as
the Base Class Libraries) to act like a duck. In that case, this duck
typing framework is a useful tool in your toolbox.

I chose not to play the game as I had too much going on. But now I have
family visiting and my brother (Hey Brian!) introduced me to yet another
fiendishly addictive flash game, Line Rider.
Damn you brother!

It’s not even really a game in the sense that there’s no objective other
than to build really cool courses. It’s quite similar to a physics
drawing tool. You simply start drawing lines and hit play to watch a
little dude with a red scarf sled down your course.

The tools themselves are simple. You have a free-hand pencil tool and a
line tool. There are three colors of lines you can draw:

Blue - Draws a line where the sledder can sled at a normal pace.

Red - Draws a line that accelerates the sledder.

Green - Draws a line that doesn’t affect the sledder.

Using this simple set of tools, you can create some very interesting
courses across a limitless canvas.

I was quite pleased with myself for executing a loop-de-loop until my
brother showed me some of the amazing stuff that people have put
together on YouTube like these two videos:

UPDATE: Using Coral CDN to serve up my images and stylesheets ended up
being a mistake and actually slowed down my site. I’d recommend using
Amazon S3 instead if you need fast, high-bandwidth serving of static
content. Coral CDN is probably better for cases when you want to serve
up a large file (mp3, mpeg, etc…) and save on your bandwidth usage. It
doesn’t seem ready to be a general purpose CDN for speeding up your
site. I’ll add the ability for this code to use S3. In the meantime,
this code is still useful if you simply restrict the extensions in the
config file to something like “mpg,mp3,mpeg,wmv,avi,zip”. Hat tip to
Jon Galloway for pointing that out.

Yahoo recently released the ever so popular YSlow add-on for
Firebug used
to help locate bottlenecks for web pages. From their developer network
site we learn…

YSlow analyzes web pages and tells you why they’re slow based on the
rules for high performance web sites. YSlow is a Firefox
add-on
integrated with the popular
Firebug web development tool.
YSlow gives you:

YSlow provides a nice report card for your site. Here you can see the
unfortunate grade my blog gets at the time of this writing.

Naturally I couldn’t just sit there while some unknown Yahoo
disdainfully gives my blog an F. I decided to start digging into it and
start attacking specific items.

I decided to start with #2, Use a CDN, which stands for Content
Delivery Network. The Yahoo YSlow help page has this to say about
CDNs.

A content delivery network (CDN) is a collection of web servers
distributed across multiple locations to deliver content more
efficiently to users. The server selected for delivering content to a
specific user is typically based on a measure of network proximity.
For example, the server with the fewest network hops or the server
with the quickest response time is chosen.

That certainly sounds useful, but the CDNs listed by Yahoo include
Akamai, Mirror Image Internet, and LimeLight Networks. These might be
great for big companies like Yahoo, but they’re a bit cost prohibitive
for small fries like us bloggers.

Coral to the Rescue

That’s when I remembered the Coral Content Distribution
Network. Jon
Galloway wrote about
this a long time
ago as
a means to save on bandwidth. The one fatal flaw at the time was that
the network only worked over port 8090. Fortunately, that little issue
has been corrected and Coral now works over port 80.

And the wonderful thing about Coral is that it’s trivially easy to use.
All you have to do is append nyud.net to your domain name.

So this:

http://example.com/my/really/big/file.mpeg

becomes

http://example.com.nyud.net/my/really/big/file.mpeg

And now your really big file is being served up by hundreds of
geographically distributed servers. You just need to keep that file on
your server at the original location so Coral can find it when adding it
to its network.
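The rewrite itself is a one-line change to the host portion of the URL. A sketch (Python; the function name is mine):

```python
from urllib.parse import urlsplit, urlunsplit

def coralize(url):
    """Append .nyud.net to the host so the Coral CDN serves the resource."""
    parts = urlsplit(url)
    return urlunsplit(parts._replace(netloc=parts.netloc + ".nyud.net"))

print(coralize("http://example.com/my/really/big/file.mpeg"))
# http://example.com.nyud.net/my/really/big/file.mpeg
```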

Tell YSlow about Coral

By default, YSlow doesn’t recognize Coral as a CDN, which means
implementing Coral CDN won’t affect your YSlow grade. YSlow only
recognizes the CDNs in use by Yahoo. Fortunately, it’s pretty easy to
add Coral to the list. Just follow these steps:

Go to about:config in Firefox. You’ll see the current list of
preferences.

Right-click in the window and choose New and String to create a new
string preference.

Enter extensions.firebug.yslow.cdnHostnames for the preference
name.

For the string value, enter the hostname of your CDN, for example,
nyud.net. Do not use quotes. If you have multiple CDN
hostnames, separate them with commas.

Here’s a screenshot of the domains I added to YSlow. I’m sure I’ll think
of more to add later.

How can I automate this?

You knew I wasn’t going to write about this without providing some means
for automating this conversion, didn’t you? There are two approaches I
could take:

Rewrite URLs to static files on incoming posts.

Rewrite URLs on the way out.

The first approach rewrites the URL as you are posting content to your
blog. This has the distinct disadvantage that should you decide to
change the distribution network, you need to go through and rewrite
those URLs.

The second approach rewrites the URLs as they are being output as part
of the HTTP response. The issue there is that doing it properly requires
buffering up the entire output (rather than letting IIS and ASP.NET
stream it) so you can perform your regex replacements and whatnot. This
can impair performance on a large page.

I decided to go with option #1 for now for performance reasons, though
option #2 would be quite easy to implement. I wrote an HttpModule in
the same style as my Windows Live Writer crap
cleaner which
rewrites an incoming MetaWeblog API post to append nyud.net to the
domain.
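The core of that rewrite can be sketched as a regex pass over the incoming post body, restricted to the big-file extensions mentioned in the update above (Python for illustration; all names here are mine, and the real module runs as an ASP.NET request filter):

```python
import re

# Extension list from the update above; only big static files get rewritten.
EXTENSIONS = ("mpg", "mp3", "mpeg", "wmv", "avi", "zip")

def rewrite_post(html, domain="example.com"):
    """Point links to big static files on our own domain at the Coral CDN."""
    pattern = re.compile(
        r"http://" + re.escape(domain)
        + r"(/\S+\.(?:" + "|".join(EXTENSIONS) + r"))\b"
    )
    return pattern.sub(lambda m: "http://" + domain + ".nyud.net" + m.group(1), html)

print(rewrite_post('<a href="http://example.com/files/talk.zip">talk</a>'))
# <a href="http://example.com.nyud.net/files/talk.zip">talk</a>
```

Links to pages and images on the same domain pass through untouched, which matches the "restrict the extensions" advice.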

The code here only works with Windows Live Writer and BlogJet (untested
in the latter case) but can be easily modified to allow posts for any
blog client (I just got lazy here) by modifying the user agent within
the method IsMetaweblogAPIPost.

The reason I didn’t write this as a WLW plugin is that it’s not yet
possible to hook into pipeline and rewrite content just before WLW posts
it to the blog. That may be coming in the future though, according
to this
comment
by Joe Cheng of the WLW
team.

Download and Use It

You can download the code
here (binaries
are included in the bin dir) in a project called HtmlScrubber. I
simply added this HttpModule to the same code as the WLW Crap Cleaner
module mentioned earlier. To use it simply add the following to your
web.config.
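The web.config snippet itself didn’t survive here, but an httpModules registration generally takes the shape below. Note that the name and type are my placeholders, not necessarily the ones the HtmlScrubber project actually uses; check the downloaded project for the real values.

```xml
<httpModules>
  <!-- placeholder name/type: substitute the ones from the downloaded project -->
  <add name="CoralCdnModule" type="HtmlScrubber.CoralCdnModule, HtmlScrubber" />
</httpModules>
```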

The list of extensions shown is the default, so you don’t need to add
this configuration section unless you want to change that list. Please
enjoy and let me know if you put this to good use. Hope this makes your
blog faster than mine.

As for me, I’m moving on to looking into
using JSMin,
JSLint, and
merging CSS files etc…

Joe Cheng, member of the
Windows Live Writer team, just
unveiled
his first publicly available Windows Live Writer plugin…

I’ve just released my first (publicly available) Windows Live Writer
plugin: Dynamic Template. It lets you write mini-plugins from
snippets of C# and HTML, and reuse them within Windows Live Writer.

It’s sort of a meta-plugin plugin. He has a screencast on how to use it,
but I’ll post a few screenshots of it in action here.

The plugin adds a new Insert Template option in the sidebar.

Clicking on this brings up a dialog with a list of templates.

Click New to bring up the template editor. I’m going to create one for
wrapping sections of html with the <code></code> tags.

First, I’ll name the template.

Then I’ll edit the template. Since this template just adds HTML around a
selection and doesn’t require that I ask for user input, I don’t need to
create a variable.

And now I can just select some text, click on Insert Template… and
double click Code. Nice!

Another useful template is one that Joe calls Htmlize.

As you can see, you can call some functions from within a template. This
one is useful for converting something like <sup>blah</sup> into
^blah^ while in the Web Layout or Normal mode.

Watch Joe’s
Screencast
for a demo of a template that takes in user input as part of the
template. There’s also some documentation located
here. This
is a pretty handy plugin that’ll be great for automating a variety of
html snippets I use often.

A coworker of mine ran into some problems using
WatiN to test
our website, specifically issues with JavaScript and AJAX. Yes, I know
there’s Selenium out
there, but I hoped for something we could run from within NUnit/MbUnit,
so that it’s nicely and easily integrated into our build process and
development environment.

He did a bit of digging and found this free web automation
infrastructure product by Art Of Test
Inc. called
WebAii (they
also have a blog).
It seems to do everything we want and more. Check out some of these
features (the full feature list is much longer).

I mentioned I’ll be at the Microsoft campus next
week.
Scott Koon (aka
LazyCoder) pinged
me about meeting up for a drinky drink and geeky geek conversation and
Sunday works best for him.

Anyone have a good recommendation for a place to get a good drink in or
near Redmond? Perhaps BillG’s hidden stash on campus? Anybody want to
join us? I think 10 or 10:30 PM works for me.

It’s standard procedure for me to roll into the morning session of a
conference completely sleep deprived and trashed from the previous
night’s celebrations. It just wouldn’t be right to not continue that
tradition.

Working at a VSIP partner has its
privileges. I’ll be up in Redmond at the Microsoft Campus for a two day
VSIP Partner Meeting on August 5^th^ and August 6^th^. We’ll be
looking at ways to make the Koders Visual Studio plugins provide a great
and well integrated experience.

I’m flying into Seattle on that Sunday to spend time with some friends
and do a bit of sightseeing (oh look, that’s what rain looks like!).
Hopefully my schedule won’t be too full so I can butt my head in a few
offices here and there to bother folks and stir up trouble.

August 7

This is more of a state of mind than a physical location as I’ll be
making an appearance on
DotNetRocks! I hope you enjoy
it.

October 27th and 28th

I’ll be speaking on Writing Automated Unit Tests for your
Website
with WatiN at the Silicon Valley Code Camp. This’ll be my first time
speaking at a Code Camp so wish me luck. I wanted to give two talks, but
decided to take it easy for my first time.

November 6-9

I’ll be in attendance and on two panels at the DotNetNuke OpenForce
conference. I’ve mentioned this one
already in
my blog. I’m pretty excited about this one.

First, let me start off with some praise. I really really like Windows
Live Writer.
I’ve praised it many times on my blog. However, there is one thing that
really annoys me about WLW: its utter disregard for web standards and
the fact that it injects crap I don’t want or need into my content.

Of particular annoyance is the way that WLW adds attributes that are not
XHTML compliant. For example, when you use the Insert Tags feature, it
creates a div that looks something like:

First of all, the ID is a GUID that starts with a number.
Unfortunately XHTML doesn’t allow the id of an element to start with
a number.

The contenteditable attribute is not recognized in XHTML.

The style attribute is superfluous. At the very least, it
should have been reduced to style=”padding:0; display: inline;”

The purpose of the special class and the contenteditable attribute is
to inform WLW that the html tag is editable. In the Web Layout view
(F11), you can see a hashed box around the tags like so.

Clicking on the box changes the right menu to let you enter tags.

Because I actually care about web standards and being XHTML compliant
and I’m totally anal, I’ve always gone in and manually changed the HTML
after the fact.

Today, out of pure laziness and getting fed up with this extra work I
have to do, I decided to write an HttpModule to do this repetitive task
for me via a Request Filter. A Request Filter modifies the incoming
request.

But to make things interesting, I made sure that the HttpModule makes
the changes in an intelligent manner so that no information is lost.
Rather than simply removing the cruft, I moved the cruft into the class
attribute. Thus the HTML I showed above would be transformed into this:

I also created a Response Filter to modify the outgoing response when
the client is Windows Live Writer. That allows the module to convert the
above html back into the format that WLW expects. In that manner, I
don’t break any WLW functionality.
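As a rough illustration of the idea (Python regexes rather than the actual C# module, and the wlw-contenteditable class token is my invention; the real module uses its own scheme and preserves more state):

```python
import re

def scrub(html):
    """Drop non-XHTML cruft while stashing it in the class attribute."""
    # Fold contenteditable into the class attribute so no information is lost.
    html = re.sub(
        r'class="([^"]*)"([^>]*?)\scontenteditable="true"',
        r'class="\1 wlw-contenteditable"\2',
        html,
    )
    # XHTML ids may not start with a digit, so prefix the offenders.
    html = re.sub(r'id="(\d[^"]*)"', r'id="wlw\1"', html)
    return html

print(scrub('<div class="tags" contenteditable="true" id="0f1e2d">x</div>'))
# <div class="tags wlw-contenteditable" id="wlw0f1e2d">x</div>
```

Because the cruft is stashed rather than discarded, a matching response filter can reverse the transformation when WLW fetches the post back.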

Other Cool Cleanups

Since I was already writing this module, I decided to make it clean up a
few other annoyances.

Replaces a single &nbsp; between two words with a space. So
this is&nbsp;cool gets converted to this is cool.

Replaces <p>&nbsp;</p> with an empty string.

Replaces an apostrophe within a word with a typographical single
quote. So you can't say that becomes you can’t say that.

Replaces atomicselection=”true” with an empty string. I don’t
re-insert this attribute back into the content yet, as I’m not sure
if it is even necessary.
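Those replacements are simple enough to sketch as regexes (Python here for a runnable illustration; the real module applies them to the MetaWeblog API request stream):

```python
import re

def clean(html):
    # A single &nbsp; sandwiched between two words becomes a plain space.
    html = re.sub(r"(?<=\w)&nbsp;(?=\w)", " ", html)
    # Empty paragraphs go away entirely.
    html = html.replace("<p>&nbsp;</p>", "")
    # An apostrophe inside a word becomes a typographical single quote.
    html = re.sub(r"(?<=\w)'(?=\w)", "\u2019", html)
    return html

print(clean("this is&nbsp;cool"))   # this is cool
print(clean("you can't say that"))  # you can’t say that
```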

Try it out!

This module should work with any ASP.NET blog engine that uses the
MetaWeblog
API. It only
responds to requests made by Windows Live Writer, so it shouldn’t
interfere with anything else you may use to post to your blog.

To use it is as easy as dropping the assembly in the bin directory and
modifying your web.config to add the following to the httpModules
section:

I’m also including the source code and unit tests, so feel free to give
it a try. Please understand that this is something I hacked together in
a day, so it may be a bit rough around the edges and I give no warranty.
Having said that, I’m pretty confident it won’t screw up your HTML.

I have plans to add other features and cleanups in the future. For
example, it wouldn’t be hard to add a configuration section that allows
one to specify other regular expressions and replacement patterns to
apply.

If you have any “cleanups” I should include, please let me know. If
you’re reading this post, then you know the module worked.

A year ago on this day, I wrote a blog post about the demise of
NDoc
and issued a challenge for users of Open Source Software to contribute
to their favorite projects.

So I offer the following challenge. First, ask yourself these two questions:

How much money do I save because of Open Source Software?

Considering how many people spend three bucks for a useless ring
tone, is a single dollar too much to contribute to a useful Open
Source project?

So let’s band together and declare today, July 26, 2006, Contribute
To Open Source Day.

In looking back at my original challenge, I now believe the emphasis I
placed on monetary contribution was slightly misguided. While I agree
that monetary contributions are helpful for infrastructure support
costs (hosting websites, build servers, etc…), there are many other
means of contributing that are even more valuable, if you have the time.
Money is just the easiest way to contribute.

Consider the following options…

Contribute a bug fix

Help verify bug reports

Submit a unit test to help provide code coverage

Test

Write documentation

Submit feature requests

Help answer questions in the forums

Tell the developers how much you appreciate the product

…

I think #8 is often lost in the shuffle. I’m quick to submit a bug
report, but I forget to tell the developers of a fine product such as
WinMerge how much I
appreciate the product.

There are many projects that could use your help. For example, Andrew
Stopford
just announced a request for developers willing to help MbUnit
out.
What a great opportunity to work on some really cool code.

Subtext is always
looking for contributors, especially now that my commit frequency is
down due to my wonderful newborn son. We could use new blood to help
pick up the slack until my son cuts his teeth (once he has them) on C#
and ASP.NET (or perhaps
IronRuby
by then).

So again, please consider contributing to Open Source today in whatever
way, shape, or form you see fit. This is not a plea to guilt you into
it. Rather, consider this a friendly reminder for those of you who would
do so anyways, but forget to due to busyness, like myself.

Microsoft just unveiled a new web
property intended to clarify its
position on Open Source as well as provide a one-stop location to find
out what Microsoft is doing in the Open Source space.

Despite all the (perhaps well deserved) criticism of how Microsoft has
not supported Open Source in the past, I think the behemoth is slowly
starting to get it. Or at least groups within Microsoft are starting
to see that if they don’t embrace Open Source, Microsoft will get left
behind, much like they did for a while with the web revolution.
Embracing Open Source makes good long term business sense for Microsoft.

As a big company, Microsoft moves slowly, but there are concrete signs
of progress.

Sure, there is much more to do and I’m sure many will remain skeptical
and wary of Microsoft’s slow movement into this area. However, I see the
signs of progress and believe there will be bigger things to come.

IMPORTANT: It’s important to note that I’m securing everything in
the admin directory and that I’m making sure that elmah.axd is served
from the root /admin URL. If the httpHandler “path” element was just
“admin/elmah.axd” or “elmah.axd” I could inadvertently expose Elmah
information.
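The "secure everything in the admin directory" half can be expressed with a standard location element; here's a minimal sketch (the handler registration itself is omitted, since the exact path wiring is the subtle part the warning above is about):

```xml
<!-- Deny anonymous users everything under /admin, including elmah.axd -->
<location path="admin">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>
```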

To demonstrate this in action, I’ve created a solution containing a Web
Application project with ELMAH and authentication fully implemented.

The point of this sample app is to demonstrate how to set this all up.
So for example, the login page has a button to auto-log you in. In the
real world, you’d probably use a real login form. You can also change
the authentication from Forms authentication to Windows authentication
depending on your needs. That might make sense in many scenarios.

The app demonstrates in principle how to set up and secure the
elmah.axd page. If you have SQL Express installed, you should be able
to compile and run the demo without any extra steps to see ELMAH in
action.

Funny how having a kid turns a geek’s thought to getting that perfect
camera to capture the moment. It was exactly what I did (but after
Cody was born) when my wife and I purchased a Canon PowerShot SD850 IS
Digital
ELPH
for Father’s day.

Yeah,
that’s a bit of a mouthful for a camera name, but the two letters that
were important to me were I and S, which stand for Image
Stabilization.

The SD850 combines that with a sensitivity range up to ISO 1600 for
better photos in low light, a real problem area with my previous camera
due to its suckiness and my incredibly shaky hands. Seriously, you don’t
want me doing surgery on you.

The
other key features I was looking for were a small size (3.6 x 1 x 2.2
inches), so I can get all secret agent with it, and face detection for
better portraiture.

So far, I’m very happy with it. The pictures have been very sharp with
good color. I should have known to stick with the ELPH series as my
first ELPH took great photos despite only being 2.2 megapixel.

This one boasts 8 megapixels (really more than I need) and 4x optical
zoom. That there on the right is a picture of my son in a Brasil jersey
given to him by my wife’s Brazilian coworker. Doesn’t he look sharp?

Now you know why Brazil just beat the heavily favored Argentina in the
Copa America. Cody Power!

One surefire way to sound really really smart is to invoke a law or
principle named after some long dead guy (an alive guy is acceptable
too, but lacks slightly in smart points).

This
realization struck me the other day while I was reading a blog post that
made a reference to Postel’s law. Immediately I knew the author of this
post must be a highly intelligent card carrying member of
MENSA. He was probably sporting some
geeky XKCD t-shirt with a lame unix
joke while writing the post.

Well friends, I admit I had to look that law up, and in the process
realized I could sound just as scary smart as that guy if I just made
reference to every
eponymous
(I’ll wait while you look that one up) “law” I could find.

And as a public service, I am going to help all of you appear smart by
posting my findings here! Don’t let anyone ever say I don’t try to make
my readers look good. If you look good, I look good.

Make sure to invoke one of these in your next blog post and sound scary
smart just like me.

Postel’s Law

The law that inspired this post…

Be conservative in what you send, liberal in what you accept.

Jon Postel originally articulated this as a principle for making TCP
implementations robust. This principle is also embodied by HTML which
many attribute as a cause of its success and failure, depending on who
you ask.

In today’s highly charged political environment, Postel’s law is a
uniter.

Parkinson’s Law

Otherwise known as the law of bureaucracy, this law states that…

Work expands so as to fill the time available for its completion.

As contrasted to Haack’s Law which states that

Work expands so as to overflow the time available and spill on the
floor leaving a very sticky mess.

Pareto Principle

Also known as the 80-20 rule, the Pareto Principle states…

For many phenomena, 80% of consequences stem from 20% of the causes.

This is the principle behind the painful truth that 80% of the bugs in
the code arise from 20% of the code. Likewise, 80% of the work done in a
company is performed by 20% of the staff. The problem is you don’t
always have a clear idea of which 20%.

Sturgeon’s Revelation

The revelation has nothing to do with seafood, as one might mistakenly
believe. Rather, it states that…

Ninety percent of everything is crud.

Sounds like Sturgeon is a conversation killer at parties. Is this a
revelation because that number is so small?

The Peter Principle

One of the most depressing laws in this list, if you happen to have
first-hand experience with this via working with incompetent managers.

In a hierarchy, every employee tends to rise to his level of
incompetence.

Just read Dilbert (or watch The Office) to get some examples of this in
action.

Hofstadter’s Law

This one is great because it is so true. I knew this law, and still
this post took longer than I expected.

A task always takes longer than you expect, even when you take into
account Hofstadter’s Law.

By the way, you get extra bonus points among your Mensa friends for
invoking a self-referential law like this one.

Murphy’s Law

The one we all know and love.

If anything can go wrong, it will.

Speaking of which, wait one second while I backup my computer.

The developer’s response to this law should be defensive
programming
and the age old boy scout motto, Be Prepared.

Brooks’s Law

Adding manpower to a late software project makes it later.

Named after Fred Brooks, aka, Mr. Mythical Man
Month.
My favorite corollary to this law is the following…

The bearing of a child takes nine months, no matter how many women are
assigned.

Obviously, Brooks was not a statistician.

Conway’s Law

Having nothing to do with country music, this law states…

Any piece of software reflects the organizational structure that
produced it.

Put another way…

If you have four groups working on a compiler, you’ll get a 4-pass
compiler.

How many groups are involved in the software you are building?

Kerckhoffs’s Principle

This principle is named after a man who must be the only cryptographer
ever to have four consecutive consonants in his last name.

In cryptography, a system should be secure even if everything about
the system, except for a small piece of information — the key — is
public knowledge.

And thus Kerckhoffs raises the banner in the fight against Security
through
Obscurity.
This is the main principle underlying public key cryptography.